NixOS · Conni2461 · Nov 30, 2025 · Dec 4, 2025
diff --git a/non-critical-infra/hosts/staging-hydra/hydra.nix b/non-critical-infra/hosts/staging-hydra/hydra.nix
@@ -13,7 +13,7 @@ let
 in
 {
   networking.firewall.allowedTCPPorts = [
-    9198 # queue-runnner metrics
+    8080 # queue-runnner metrics
     9199 # hydra-notify metrics
   ];
 
@@ -63,7 +63,16 @@ in
   services = {
     hydra-dev = {
       enable = true;
-      package = pkgs.hydra;
+      package = (
+        pkgs.hydra.overrideAttrs {
+          patches = [
+            (pkgs.fetchpatch2 {
+              url = "https://patch-diff.githubusercontent.com/raw/NixOS/hydra/pull/1542.patch";
+              hash = "sha256-FG4s3VfyDLyBP407W4Y2h8zbWYE2k/ocrIZKu5xPYuo=";
+            })
+          ];
+        }
+      );
       buildMachinesFiles = [
         (pkgs.writeText "local" ''
           localhost ${lib.concatStringsSep "," localSystems} - 3 1 ${lib.concatStringsSep "," config.nix.settings.system-features} - -
@@ -120,12 +129,20 @@ in
 
     hydra-queue-runner-v2 = {
       enable = true;
+      rest = {
+        address = "[::0]";
+        port = 8080;
+      };
       settings = {
         queueTriggerTimerInS = 300;
         concurrentUploadLimit = 2;
         remoteStoreAddr = [
           "s3://nix-cache-staging?secret-key=${config.sops.secrets.signing-key.path}&ls-compression=br&log-compression=br"
         ];
+        fodChecker = {
+          enable = true;
+          uploadRealisations = true;
+        };
       };
     };
 

diff --git a/non-critical-infra/modules/hydra-queue-runner-v2.nix b/non-critical-infra/modules/hydra-queue-runner-v2.nix
@@ -116,6 +116,42 @@ in
               type = lib.types.nullOr lib.types.path;
               default = null;
             };
+            usePresignedUploads = lib.mkOption {
+              description = ''
+                If enabled the queue runner will no longer upload to s3 but rather the builder will do the uploads.
+                This also requires a s3 remote store, as well as substitution on the builders.
+                You can use forcedSubstituters setting to specify the required substituter on the builders.
+              '';
+              type = lib.types.bool;
+              default = false;
+            };
+            forcedSubstituters = lib.mkOption {
+              description = "Force a list of substituters per builder. Builder will no longer be accepted if they don't have `useSubstitutes` with the substituters listed here.";
+              type = lib.types.listOf lib.types.singleLineStr;
+              default = [ ];
+            };
+            fodChecker = lib.mkOption {
+              description = "Reloadable settings for queue runner";
+              type = lib.types.submodule {
+                options = {
+                  enable = lib.mkOption {
+                    description = "Enable FOD Checker";
+                    type = lib.types.bool;
+                    default = false;
+                  };
+                  secondsBetweenFodChecks = lib.mkOption {
+                    description = "Time in seconds between FOD Checker";
+                    type = lib.types.int;
+                    default = 60 * 60 * 24 * 7;
+                  };
+                  uploadRealisations = lib.mkOption {
+                    description = "Upload realisations outputs of FOD Checker to remote store.";
+                    type = lib.types.bool;
+                    default = false;
+                  };
+                };
+              };
+            };
           };
         };
         default = { };

diff --git a/non-critical-infra/packages/hydra-queue-runner/default.nix b/non-critical-infra/packages/hydra-queue-runner/default.nix
@@ -14,14 +14,14 @@
   withOtel ? false,
 }:
 let
-  version = "unstable-2025-11-27";
+  version = "unstable-2025-11-30";
   src = fetchFromGitHub {
     owner = "helsinki-systems";
     repo = "hydra-queue-runner";
-    rev = "8266ce9818393ee9d0fe3ffd7bcde3eb09c2221f";
-    hash = "sha256-tC4s+opt4BpN0qFx96AXhtUEJj8T7J5C68Hjj2OEetM=";
+    rev = "ede19bdf00e737f35f9bbef8df79dd5ea5be7642";
+    hash = "sha256-tQTSjzh32jaby+0O6u+16zwZvUolYaWR7ENlR4+S+dI=";
   };
-  cargoHash = "sha256-49p2mC0DmsdgWdj4mWZf7SZj4Gd9eQFqTGRDzvMYSQM=";
+  cargoHash = "sha256-MzyIdXgYQXz4hI7qUHBWvU036nsc2/e62cF18FnOjYw=";
   nativeBuildInputs = [
     pkg-config
     protobuf